Tanium Discover User Guide. Version 2.5.1

Size: px
Start display at page:

Download "Tanium Discover User Guide. Version 2.5.1"

Transcription

1 Tanium Discover User Guide Version May 07, 2018

2 The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and is believed to be accurate, but is presented without any warranty of any kind, express or implied, except as provided in Tanium s customer sales terms and conditions. Unless so otherwise provided, Tanium assumes no liability whatsoever, and in no event shall Tanium or its suppliers be liable for any indirect, special, consequential, or incidental damages, including without limitation, lost profits or loss or damage to data arising out of the use or inability to use this document, even if Tanium Inc. has been advised of the possibility of such damages. Any IP addresses used in this document are not intended to be actual addresses. Any examples, command display output, network topology diagrams, and other figures included in this document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Please visit for the most current Tanium product documentation. Tanium is a trademark of Tanium, Inc. in the U.S. and other countries. Third-party trademarks mentioned are the property of their respective owners Tanium Inc. All rights reserved Tanium Inc. All Rights Reserved Page 2

3 Table of contents Discover overview 7 Unmanaged interface discovery 7 Client deployment 7 Interface labels 7 Network Access Control (NAC) integration 8 Notifications 8 Getting started 9 Discover requirements 10 Tanium dependencies 10 Third-party software requirements 10 Tanium Module Server computer resources 10 Host and network security requirements 10 Ports 10 Security exclusions 11 Internet URLs 11 Console roles and privileges 11 Tanium Server Tanium Server Installing Discover 14 Before you begin 14 Install Discover solution 14 Install Discover Client Deploy solution 14 Verify that the correct versions are running Tanium Inc. All Rights Reserved Page 3

4 Configure service account 15 What to do next 15 Upgrading from previous versions of Discover 16 Upgrade Discover 16 Upgrade the Discover Client Deploy solution 16 Review changes to the Nmap discovery method after upgrading to Discover Remove unmanaged assets and Discover artifacts from Version Clean up unmanaged interfaces artifacts 17 Clean all the endpoints of Discover artifacts 18 Disable scheduled asset tracking actions from Discover Version Discovering unmanaged interfaces 19 Discovery methods overview 19 ARP cache discovery 19 Interface connections discovery 20 Simple ping script discovery 20 Nmap scan discovery 21 Managed interfaces 23 Configure discovery methods 23 Prerequisites 23 Procedure 24 What to do next 25 Deploying Tanium Client to unmanaged endpoints 26 Tanium Client deployment overview 26 Connection methods 27 Set up the Client Deployment service Tanium Inc. All Rights Reserved Page 4

5 (Optional) Set up PsExec on Tanium Module Server 30 Prepare endpoints for deployment 31 Configure Windows computers 31 Configure Linux or Macintosh computers 32 Deploy Tanium Client 32 Results 35 Managing interfaces 36 Customize lists of interfaces 36 Label interfaces manually 36 Create labels 37 Manage labels 37 Ignore interfaces 38 Automatically label interfaces 38 Example: Automatically ignore or purge interfaces based on last discovered date 40 Example: Automatically label interfaces by using a wildcard character 40 Block network access 40 Configure connections for blocking and unblocking 41 Example: Block and unblock connections 42 Deploy block and unblock actions 43 Configuring Discover notifications 45 Prerequisites 45 Configure notifications in Connect 46 Troubleshooting 49 Collect logs 49 View Discover scan ranges Tanium Inc. All Rights Reserved Page 5

6 Why is the number of managed interfaces higher than the system status? 49 Uninstall Discover Tanium Inc. All Rights Reserved Page 6

7 Discover overview With Discover, you can find and maintain an inventory of interfaces in your environment. By installing the Tanium Client on your endpoints, you can actively monitor the local subnet, detect unmanaged interfaces, and report the interfaces to Discover. You can then perform the following tasks: Block unmanaged interfaces from network access. Deploy Tanium Client to bring endpoints under management. Get real-time information about unmanaged interfaces on your network. Tanium-managed endpoints scan for or detect unmanaged interfaces at configurable intervals. Discover queries endpoints for updated detection data periodically. New information is immediately available. The detection process provides continuous scanning without impact to network operations. Discover is integrated with a collection of sensors, packages, and actions. With this tool set, you can bring network interfaces under management within minutes of detection. Unmanaged interface discovery You can choose between several discovery methods that detect interfaces that are on the network but not under Tanium management. Tanium Client initiates scans at regular intervals throughout the network environment. For more information, see Discovering unmanaged interfaces on page 19. Client deployment You can use the Discover Client Deploy solution to deploy the Tanium Client to the unmanaged interfaces to bring the computers under management by Tanium Server. For more information, see Deploying Tanium Client to unmanaged endpoints on page 26. Interface labels Labels include descriptive information or metadata that you can use to identify and group interfaces. Then, you can classify or search interfaces based on the labels. You can also automatically apply labels or ignore interfaces based on a specifically defined set of conditions. For more information about labels, see Managing interfaces on page Tanium Inc. All Rights Reserved Page 7

8 Network Access Control (NAC) integration Discover integrates with NAC solutions that perform network access blocking. With this capability, you can quickly identify and block rogue interfaces from the network. The Palo Alto Networks integration uses the capabilities of the Palo Alto Networks NG Firewall to provide network access control blocking as a built-in action of Discover. For more information, see Block network access on page 40. Notifications Discover records events when an unmanaged interface is found, a new managed endpoint is found, or if an interface is lost. Discover can send these events to another system, such as a SIEM, , or file, with a connection in Tanium Connect. This connection sends the event notification from Discover to a configured destination. For more information about configuring the Discover notifications connection, see Configuring Discover notifications on page 45. This documentation may provide access to or information about content, products (including hardware and software), and services provided by third parties ( Third Party Items ). With respect to such Third Party Items, Tanium Inc. and its affiliates (i) are not responsible for such items, and expressly disclaim all warranties and liability of any kind related to such Third Party Items and (ii) will not be responsible for any loss, costs, or damages incurred due to your access to or use of such Third Party Items unless expressly set forth otherwise in an applicable agreement between you and Tanium. Further, this documentation does not require or contemplate the use of or combination with Tanium products with any particular Third Party Items and neither Tanium nor its affiliates shall have any responsibility for any infringement of intellectual property rights caused by any such combination. You, and not Tanium, are responsible for determining that any combination of Third Party Items with Tanium products is appropriate and will not cause infringement of any third party intellectual property rights Tanium Inc. All Rights Reserved Page 8

9 Getting started 1. Install Tanium Discover. If you are installing for the first time, see Installing Discover on page 14. If you are upgrading from a previous version, see Upgrading from previous versions of Discover on page Configure discovery so that you can find unmanaged interfaces. For more information, see Configure discovery methods on page Deploy Tanium Client to unmanaged endpoints. For more information, see Deploying Tanium Client to unmanaged endpoints on page Organize your endpoints and interfaces with labels, or block network interfaces. For more information, see Managing interfaces on page Tanium Inc. All Rights Reserved Page 9

10 Discover requirements Review the requirements before you install and use Discover. Tanium dependencies Component Platform Tanium Client Tanium Connect License Requirement Version 6.5 or later. All Tanium Client versions are supported. Version 3.2 or later (for network blocking and notifications). For information about licensing Discover, contact your Technical Account Manager (TAM). The license for Discover includes the following solutions: Discover Discover Client Deploy Third-party software requirements PsExec v2.11 or later (Optional; for using PSEXEC to deploy Tanium Client) Tanium Module Server computer resources Discover is installed and runs as a service on the Module Server host computer. The impact on Module Server host computer sizing is minimal and depends on usage. Contact your TAM for details. Host and network security requirements Specific ports and processes are needed to run Discover. Ports The following ports are required for Discover communication Tanium Inc. All Rights Reserved Page 10

11 Component Port Direction Service Purpose Module Server Loopback Discover Internal purposes; not externally accessible. Security exclusions Loopback Discover Internal purposes; not externally accessible. If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference. Target Device Process Tanium Module Server node.exe ProxyingPlugin.exe twsm.exe Endpoint Computers 7za.exe Internet URLs npcap-0.93.exe vcredist_x86.exe nmap.exe If security software is deployed in the environment to monitor and block unknown URLS, your security administrator must whitelist the following URLs: content.tanium.com Console roles and privileges Tanium Server 7.0 Administrator user role is required for all Discover functions. Tanium Server 7.1 Discover 2.2 introduces role-based access control (RBAC) permissions that control access to the Discover workbench. The three predefined roles are Discover Admin, Discover User, and Discover Read Only User Tanium Inc. All Rights Reserved Page 11

12 IMPORTANT: The Discover Administrator role also provides legacy Tanium Administrator privileges. Table 1: Privilege Tanium 7.1 Discover User Role Privileges Show Discover View managed and unmanaged interfaces Discover Asset Read View lists of managed and unmanaged interfaces, export data from interface tables Discover Asset Write Apply or remove label on an interface Discover Administrator Discover User Discover Read Only User Discover Asset Block Block interface with Palo Alto Dynamic Address Group Discover Asset Unblock Unblock interface with Palo Alto Dynamic Address Group Discover Tag Write Create or remove labels Discover Manual Import Execute Import interfaces manually with the Discover Unmanaged Interfaces button 2018 Tanium Inc. All Rights Reserved Page 12

13 Privilege Discover Administrator Discover User Discover Read Only User Discover Settings Write Edit Discover settings, create discovery methods 2018 Tanium Inc. All Rights Reserved Page 13

14 Installing Discover You can install Discover from the Solutions page. Before you begin Review Discover requirements on page 10. If you are upgrading from a previous version of Discover, see Upgrading from previous versions of Discover on page 16. You must be assigned the Administrator reserved role to import the Tanium Discover and Discover Client Deploy solutions. Note: The procedures and screen captures that are in the documentation are for Version 7 and later. Version 6 procedures and screens might vary. Install Discover solution Import Discover from the Solutions page. 1. From the Main Menu, click Tanium Solutions. 2. Under Tanium Discover, click Import Version. 3. In the Content Import Preview window, you can expand the package to review the Tanium content that is being installed. Click Proceed with Import. 4. After the installation process completes, refresh your browser. 5. From the Main Menu, click Discover. The Discover home page is displayed. Install Discover Client Deploy solution If you plan to use Discover to deploy Tanium Client to your endpoints, install the Discover Client Deploy solution. 1. From the Main Menu, click Tanium Solutions Tanium Inc. All Rights Reserved Page 14

15 2. In the Tanium Content section, select the Discover Client Deploy row and click Import Solution. 3. Review the list of Packages and Sensors and click Proceed with Import. To finish configuring the Discover Client Deploy service, see Deploying Tanium Client to unmanaged endpoints on page 26. Verify that the correct versions are running From the Discover home page, click information. Confirm that the Service Version, Client Deploy Version, and Workbench Version are at the expected numbers. The Service Version and Workbench Version should be the same. Configure service account You must specify a Tanium administrator user that can be used to run several background processes for Discover. From the Discover home page, click settings account settings and click Save Changes.. Update the service What to do next See Getting started on page 9 for more information about configuring scanners to discover interfaces, deploying the Tanium Client to unmanaged interfaces, and managing interfaces Tanium Inc. All Rights Reserved Page 15

16 Upgrading from previous versions of Discover If you installed previous versions of Discover, make sure that you complete any required migration activities. Upgrade Discover 1. From the Main Menu, click Tanium Solutions. 2. In the Discover section, click Upgrade to Version. 3. Review the list of Saved Actions, Packages, and Sensors. Most are overwritten during the upgrade process. Click Proceed with Import. 4. To confirm the upgrade, return to the Tanium Solutions page and check the Installed version for Discover. 5. Reconfigure the service account. The user name and password is not preserved after Discover 2.x upgrades. From the Discover home page, click settings service account settings and click Save Changes.. Update the 6. The Discover actions get re-created during upgrade. If you have action approval enabled, you must approve these actions again. From the Main Menu, click Actions > Actions I Can Approve. For more information, see Using action approval. Upgrade the Discover Client Deploy solution In Discover 2.0 and later, you must import the Discover Client Deploy solution after you install the Discover solution. For more information, see Install Discover Client Deploy solution on page 14. If you are upgrading from Version 1.1 or earlier, Tanium Connect is no longer a requirement for Client Deployment. Discover Version 1.2 adds a new user interface for configuring and deploying the Tanium Client. For more information, see Deploying Tanium Client to unmanaged endpoints on page From the Main Menu, click Tanium Solutions. 2. In the Tanium Content section, select Discover Client Deploy and click Upgrade Solution. 3. Review the list of Saved Actions, Packages, and Sensors. Most are overwritten during the upgrade process. Click Proceed with Import Tanium Inc. All Rights Reserved Page 16

17 4. To confirm the upgrade, return to the Tanium Solutions page and check the Installed version for Discover Client Deploy. 5. (Optional) In Discover 2.0 and later, PsExec is no longer installed and configured by default. For more information about configuring PsExec to deploy the Tanium Client, see (Optional) Set up PsExec on Tanium Module Server on page 30. Review changes to the Nmap discovery method after upgrading to Discover 2.5 In Discover 2.5, the Npcap library replaced the WinPcap library for the Nmap discovery method. If you used the Nmap discovery method and are upgrading from a previous version of Discover, both WinPcap and Npcap are installed on your endpoints. If WinPcap is being used only to support the Nmap discovery method, you can remove WinPcap from your endpoints. The Discover upgrade process does not remove WinPcap. Contact your TAM for assistance with uninstalling WinPcap. For more information about the Nmap discovery method, see Nmap scan discovery on page 21. Remove unmanaged assets and Discover artifacts from Version 1.0 If you used Discover Version 1.0, you might want to clean up your endpoints by removing unmanaged assets or Discover artifacts. These artifacts include scan results files, configuration files, and the scanner utility. Clean up unmanaged interfaces artifacts 1. Ask the question: Get Has Legacy Unmanaged Assets Artifacts from all machines 2. Run the following actions against the systems that report true: Remove Legacy Unmanaged Assets from Endpoints Remove Legacy Unmanaged Assets from Endpoints for Non-Windows These actions remove the following files: Tanium Client\Tools\oui.txt Tanium Client\Tools\unmanaged_assets_Linux_Mac.sh Tanium Client\Tools\Scans\uaresults.txt 2018 Tanium Inc. All Rights Reserved Page 17

18 Tanium Client\Tools\Scans\uaresultsreadable.txt Tanium Client\Tools\Scans\maresults.txt Tanium Client\Tools\Scans\maresultsreadable.txt Tanium Client\Tools\Scans\Names.dat Tanium Client\Tools\Scans\WakeResults.dat Tanium Client\Tools\Scans\WakeResultsReadable.dat Clean all the endpoints of Discover artifacts 1. Ask the question: Get Has Discover Artifacts from all machines 2. If any endpoints report back as true for having Discover artifacts, run two actions against that answer: Remove Discover from Endpoints Remove Discover from Endpoints for Non-Windows When the action runs, any Discover artifacts are removed from the endpoint. The action looks for the following directory: Tanium Client\Tools\Discover Disable scheduled asset tracking actions from Discover Version 1.0 If you upgraded from Discover Version 1.0, you must remove the scanning actions that you previously configured and add a new scanner configuration. 1. From the Main Menu, click Actions > Scheduled Actions. 2. Verify that the following Unmanaged Asset Tracking actions are disabled: Unmanaged Asset Tracking - Run Scan Non-Windows Unmanaged Asset Tracking - Run Scan Unmanaged Asset Tracking - Deploy Scan Tools and Scan - Non-Windows Unmanaged Asset Tracking - Deploy Scan Tools and Scan 2018 Tanium Inc. All Rights Reserved Page 18

19 Discovering unmanaged interfaces When you configure discovery methods, the managed interfaces in your environment are used to identify unmanaged interfaces. Managed interfaces have Tanium Client installed and are listed in the Interfaces pages with a red icon with a gray icon.. Unmanaged interfaces are listed After identifying the unmanaged interfaces, you can bring these interfaces under the management of your Tanium Server by installing the Tanium Client with the Tanium Client Deployment service in Discover. Discovery methods overview To define a discovery method, you must specify a computer group to scope where the discovery method runs. For example, you might create a computer group that includes endpoints only when they are on the secure network. For active discovery methods, such as simple ping script discovery, you might choose to scope the discovery to computer groups in a specific subnet and run discovery a few times a day. For passive discovery methods, you might choose to scope the discovery to a computer group and run discovery every hour. Each discovery method has its own set of benefits and drawbacks. A typical configuration usually contains a combination of passive and active discovery methods that are scoped by different computer groups and schedules. Work with your Technical Account Manager (TAM) to ensure that you fully understand the impact before you deploy a discovery method. ARP cache discovery The Address Resolution Protocol (ARP) cache discovery method accesses ARP cache tables that are on all managed endpoints. These ARP cache tables provide data about the interfaces in the immediate network vicinity of each managed endpoint. When you enable ARP cache discovery, Discover uses a sensor to collect the ARP cache from each managed interface. The ARP cache can include interfaces that are not a part of the network. When ARP cache discovery runs on a managed interface, it filters out the interfaces that are not in the immediate network vicinity by removing any interfaces that do not match the first three octets of any of the IP addresses. For example, the managed interface has one or more IP 2018 Tanium Inc. All Rights Reserved Page 19

20 addresses assigned, such as and Only ARP interfaces that match the first three octets (either or ) are reported. Supported platforms: Windows, Linux Discover 1.3 and later also supports: Mac OS X, Solaris, AIX Data Received: IP Address, MAC, NAT IP Address, Device Type Network impact: The ARP cache discovery method has nearly no network impact. This method uses only a sensor to look at the ARP tables that are already on the endpoint. Limitations: Online availability data is not available from ARP Cache discovery. Value on Interfaces pages: arp Interface connections discovery The connections discovery method uses a sensor to collect all current IP connections that are made to each managed endpoint. Then, this discovery method looks up the interfaces in the local ARP cache to resolve the related MAC address. This discovery method improves on the ARP cache discovery because of the IP connection data. When connections discovery runs on an endpoint that has the Tanium Client, it filters out the interfaces that do not reside in the subnet of the endpoint. Supported platforms: Windows Data Received: IP Address, MAC, NAT IP Address Network impact: Connections discovery has nearly no impact on the network. This method uses only a sensor to discover interfaces. Value on Interfaces pages: connected Simple ping script discovery The simple ping script discovery method finds unmanaged interfaces by automatically distributing a scanning package to the Tanium managed endpoints, then scanning only in the gaps between the managed interfaces. Scanning only in the gaps eliminates many of the common issues with network scanners that generate a lot of network traffic and trigger alarms in intrusion prevention systems (IPS) and firewalls Tanium Inc. All Rights Reserved Page 20

21 Managed endpoints are connected to each other in a linear chain architecture. On a single managed endpoint, the scanning package calculates a range of IP addresses to scan by looking at its peers in the linear chain. This range is from the backward peer in the linear chain to either the forward peer or the end of the subnet. After the range is calculated, the scanning package pings the targeted IP addresses. After it finds interfaces, the simple ping script resolves host names. Isolated endpoints are not scanned by default. Isolated endpoints are endpoints that are on an isolated subnet, or appear to be on an isolated subnet because the endpoint has no peers. For more information about isolated subnets, see Tanium Client Deployment Guide: Configure "isolated subnets". To override this behavior, select the Enable Scanning on Isolated Endpoints option when you configure the discovery method. When the results are imported, the Discover service checks to see if the interface is managed or unmanaged. The MAC and Device Type are also resolved as a part of the import process. Supported platforms: Windows, Linux, Mac OS X Discover 1.3 and later also supports: Solaris, AIX Data Received: IP Address, MAC, Device Type, Hostname, and NAT IP Address Network impact: The simple ping script discovery method uses a sensor and package. The network impact is running a ping -a command for each targeted IP address. The simple ping script discovery causes a bit more network impact, therefore you might choose to run it on a smaller computer group or at a longer interval. Limitations: The automatic scanning package distribution and configuration must be completed before discovery can begin. The package distribution takes about one and a half times the configured reissue setting. For example, if you have the simple ping method set to run every hour, unmanaged interfaces start to display in Discover after 1.5 hours. However, this distribution cost is only incurred upon creation or update of the ping discovery method. Value on Interfaces pages: script Nmap scan discovery IMPORTANT: The Npcap library replaced the WinPcap library in Discover 2.5. See Review changes to the Nmap discovery method after upgrading to Discover 2.5 on 2018 Tanium Inc. All Rights Reserved Page 21

22 page 17. Nmap scan discovery finds unmanaged interfaces by automatically distributing a scanning package to the Tanium managed endpoints, then using the Network Mapper (Nmap) utility for network discovery and security auditing to do host discovery. Nmap can find information about network interfaces beyond what can be acquired with the other discovery methods, including OS fingerprinting. The Nmap scan discovery method calculates a range of IP addresses to scan by looking at its peers in the linear chain, similar to the simple ping script discovery method. Isolated endpoints are not scanned by default. Isolated endpoints are endpoints that are on an isolated subnet, or appear to be on an isolated subnet because the endpoint has no peers. For more information about isolated subnets, see Tanium Client Deployment Guide: Configure "isolated subnets". To override this behavior, select the Enable Scanning on Isolated Endpoints option when you configure the discovery method. Use one of the following options for configuring Nmap scan discovery: Host Run Nmap scan discovery on the local subnet with default settings. If an ARP reply to the target is found, the endpoint is listed as available. No operating system or open port information is returned about the interfaces. Host Discovery and OS fingerprint Run Nmap scan discovery with default settings, same as the Host Discovery setting. By default, OS fingerprinting scans about 1000 commonly used TCP ports on each endpoint. You can specify your own list of TCP ports to scan and exclude with advanced settings on the discovery method. Supported platforms: Windows, Linux, Mac OS X, Solaris Data Received: IP Address, MAC, Device Type, Hostname, Open Ports (includes most commonly used 1000 ports as identified by Nmap, or from the list you specified), OS Platform, OS Generation, and NAT IP Address Network impact: The Nmap scan discovery method uses a sensor and package. The level of network impact depends on the configuration. Endpoint files: The Nmap discovery method installs the following files on Windows endpoints. You might need to add exclusions for these files: 2018 Tanium Inc. All Rights Reserved Page 22

23 7za.exe: Extracts files. nmap.zip: Runs scanning operations. npcap-0.93.exe and vcredist_x86.exe: Run on the endpoint and add libraries that Nmap requires. These executable files run out of the Tanium Client\Downloads\Action_<action_id> directory. Npcap is loaded on demand and is available to only admin users on the endpoint. On all platforms, the nmap.exe executable runs scanning operations from the Tanium Client\Tools\Discover\nmap\ directory. Limitations: The automatic scanning package distribution and configuration also must be completed before discovery can begin. The package distribution takes about one and a half times the configured reissue setting. For example, if you have the Nmap Scan discovery method set to run every hour, unmanaged interfaces start to display in Discover after 1.5 hours. However, this cost of distribution is only incurred upon creation and update of the Nmap discovery method. Value on Interfaces pages: nmap Managed interfaces In addition to the discovery methods for unmanaged interfaces, interfaces that respond to the Managed Assets saved question are created with a Computer ID value only. Value on Interfaces pages: managed Configure discovery methods How often unmanaged interface information is imported into the Interfaces lists in Discover is determined by the global Background Process Frequency setting. The frequency setting of each discovery method configuration determines the currency of the data that is being imported. Prerequisites You must have computer groups defined to specify a scope in which to run your discovery method. To configure computer groups, click the Main Menu, then Administration > Computer Groups Tanium Inc. All Rights Reserved Page 23

24 Procedure 1. (Optional) Configure the background process frequency. Click Settings and edit the Background Processes Frequency setting. This setting determines how often the results from running discovery methods are imported to the Interfaces pages. 2. Click the Discovery Methods tab. To add a discovery method, click Add Discovery Method. The settings vary depending on the discovery method that you select. If you are configuring simple ping script or Nmap discovery, you can specify whether isolated endpoints should be scanned. 3. The results of discovery methods are imported on the reissue interval that you defined. The results are imported on the interval that you defined for background processing. To force an import of the results, go to the Discover home page. In the How to Use Discover section, click Configure Discover Settings then Discover Unmanaged Interfaces. When you click this button: 2018 Tanium Inc. All Rights Reserved Page 24

25 ARP discovery, Asset connections results are collected and imported. Simple ping script and Nmap discovery active results are collected. If these methods are not active on the endpoints, no results are collected. IMPORTANT: Clicking Discover Unmanaged Interfaces does not force the execution of the simple ping script or the Nmap discovery methods. The results for those methods are gathered if they are already distributed and active on the endpoints. What to do next After you discover the unmanaged interfaces, you can bring them under management. For more information, see Deploying Tanium Client to unmanaged endpoints on page 26. Manage your interfaces with labels. For more information, see Managing interfaces on page 36. Configure notifications for Discover events. For more information, see Configuring Discover notifications on page Tanium Inc. All Rights Reserved Page 25

26 Deploying Tanium Client to unmanaged endpoints Discover Client Deploy After you discover unmanaged endpoints through your configured discovery methods, you can deploy the Tanium Client to the supported unmanaged endpoints to bring the computers under management by Tanium Server. IMPORTANT: In Discover 2.0 and later, you must install a separate solution to get the Discover Client Deploy components. For more information, see Install Discover Client Deploy solution on page 14. Tanium Client deployment overview The Tanium Client Deployment service runs as a Windows service on your Tanium Module Server. You first configure this service and stage to the Module Server the versions of Tanium Client installer that you want to deploy. After this initial configuration, you can perform the deployment of Tanium Client to your targeted endpoints. The client deployment process involves three basic steps: target, prepare, and deploy Tanium Inc. All Rights Reserved Page 26

27 Figure 1: Target Prepare Deploy An example of how the deployment process might work follows: 1. Target: You target 30 computers that you believe are running the Windows operating system. You also think that these 30 targeted endpoints also share the same credentials and infrastructure keys. 2. Prepare: You configure the credentials, infrastructure keys, and other installation options for the 30 targeted endpoints. For the specifics of preparing each type of endpoint, see Prepare endpoints for deployment on page Deploy: After you review your settings and attempt to deploy, you might see that 20 of the targeted endpoints had the Tanium Client installed successfully. 10 of the targeted endpoints had errors during the deployment process. For the 10 remaining endpoints, you can review the logs and create another deployment with new settings. Connection methods On Windows, you can use either the PsExec or the Windows Management Instrumentation Command-line (WMIC) utilities to deploy the Tanium Client to the unmanaged endpoints. The PsExec utility generally performs faster, but you can use the WMIC option on computers that initially return an Unknown OS during deployment Tanium Inc. All Rights Reserved Page 27

28 On Linux and Mac, use the SSH utility to deploy the Tanium Client. Set up the Client Deployment service To deploy the Tanium Client to unmanaged endpoints, configure the Client Deployment service. The service runs on the Tanium Module Server. 1. (Discover 2.0 and later) Install the Discover Client Deploy solution. In Discover 2.0 and later, you must install a separate solution to get the Discover Client Deploy components. For more information, see Install Discover Client Deploy solution on page Set up Discover Client Deployment. Click Settings and then the Client Deploy tab. When the service configuration is successful, the page displays a message: The Tanium Discover Client Deploy service is installed. By default, the Client Deployment service starts the service as Local System, which is compatible only with SSH and WMIC. PsExec requires administrative credentials. To set up PsExec, see (Optional) Set up PsExec on Tanium Module Server on page Configure targeted infrastructures. If you have your Tanium Server and Tanium Module Server running on the same computer in a testing environment, you can use the Default infrastructure that is already configured Tanium Inc. All Rights Reserved Page 28

29 If your Tanium Module Server and Tanium Server are on separate computers, as recommended for production deployments, you must download the.pub file from your Tanium Server and add it as a targeted infrastructure. a. Download the.pub file from the \Program Files\Tanium\Tanium Server\ directory. b. Click Add another target infrastructure and add the Tanium.pub file that you downloaded from your Tanium Server. If you have multiple Tanium Servers, such as for a production and lab environment, you might set up multiple targeted infrastructures. You could run the deployment from your lab infrastructure but have the resulting Tanium Client installations connected with the production infrastructure. 4. Stage client installers. For the Client Deployment Service to install Tanium Client on the unmanaged endpoints, you must have a copy of the installer for each targeted client platform on the Tanium Module Server. If your Tanium Module Server has Internet access, you can stage the installers automatically. Click the Stage button to put the installer on the Tanium Module Server. The installers are copied into the \Program Files\Tanium\Tanium Module Server\services\clientdeploy\stage directory. When the staging is complete, the row for the installer says Staged and includes the file size for the installer Tanium Inc. All Rights Reserved Page 29

30 If your Tanium Module Server is in an air-gapped environment, you can upload the installer. Click the Upload Client Installer link next to the platform installer that you want to upload. 5. (Optional) In Discover 2.0 and later, if you want to use the PsExec command line utility to deploy the Tanium Client to unmanaged interfaces, you must complete some additional steps to set up PsExec on the Module Server. For more information, see (Optional) Set up PsExec on Tanium Module Server on page 30. (Optional) Set up PsExec on Tanium Module Server PsExec performs faster than WMIC to install the Tanium Client on Windows endpoints. However, with Discover 2.0 and later you must perform a few extra configuration steps to set up PsExec on your Tanium Module Server. PsExec requires administrative credentials and cannot be run as the default local system. 1. Download the pstools.zip file from Microsoft TechNet: PsExec. 2. Expand the archive file. Copy the psexec.exe file to the: \Program Files\Tanium\Tanium Module Server\services\clientdeploy directory. 3. Update the Tanium Client Deploy service ownership to an Administrator. a. Open Windows services. From the Windows Start Menu, click Run. Type services.msc and click OK Tanium Inc. All Rights Reserved Page 30

31 b. Find the Tanium Client Deploy service in the list. Right-click the service and select Properties. c. In the Log On tab, set the account that is running the service to be an administrator user on the Tanium Module Server. Click Apply. d. Restart the Tanium Client Deploy service. Prepare endpoints for deployment To deploy the Tanium Client installer, you must enable the target endpoints for remote software installation. Configure Windows computers CAUTION: The use of PsExec and WMIC by Tanium Client Deployment can result in credential exposure. Windows credential handling during logon events might expose user name and password in command line arguments on the source system that is initiating the deployment, and in memory on the remotely accessed endpoints. To protect credentials that are used for client deployment, use one of the following options: 2018 Tanium Inc. All Rights Reserved Page 31

32 Use a temporary account that is removed after deployment. Disable or change the password for the account after client deployment is complete. Enable Remote Procedure Call (RPC). Enable File and Print Sharing. Disable any host-based firewalls or other security tools on the endpoint that might interfere with a remote installation initiated through RPC. Verify that you can log in to the remote system with PsExec or WMIC command line utilities with the same credentials you are planning to use for the Tanium Client Deployment. For example: psexec \\ u Administrator -p myp@ssw0rd cmd /c dir C:\Users\Administrator\Documents Configure Linux or Macintosh computers Enable SSH and verify that it is running. Configuring SSH also enables file sharing. Disable any host-based firewalls or other security tools on the endpoint that might interfere with a remote installation that is initiated through SSH. If you are using the root account to install, make sure the sshd_config allows root login. Verify that you can log in to the remote system with SSH, using the same credentials you are planning to use for the Tanium Client Deployment. Deploy Tanium Client After you configure the Client Deploy service and prepare your endpoints, you can start deploying Tanium Client to your unmanaged interfaces Tanium Inc. All Rights Reserved Page 32

33 1. Target endpoints. In Discover, go to an interfaces view. For example, click Interfaces > All Unmanaged Interfaces. Select the interfaces to which you want to deploy the Tanium Client and click Deploy Tanium Client. 2. Prepare deployment settings. a. In the Credentials for Targeted Endpoints section, set the user name and password that you want to use to log in to the targeted endpoints. b. In the Client Installer and Connection method section, create the following configuration: Choose the Connection Method that you want to use to install. Specify the Tanium Server information (Server Name, Server Port, and Infrastructure) with which you want the targeted interfaces to connect. The Infrastructure field displays only if you have multiple infrastructures defined. After the deployment completes, the Tanium Client that is installed on the targeted interface communicates with the Tanium Server that you specified, and uses the.pub file to validate messages that come from the Tanium Server. (Optional) Define Advanced Client Options for your Tanium Client installation, including the version, logging, and installation path Tanium Inc. All Rights Reserved Page 33

34 3. Deploy Tanium Client to selected interfaces. a. In the Selected Interfaces for the Tanium Client Deployment section, review the number of endpoints that are selected and click the Deploy button. As the deployment runs, the status of how many endpoints have received the Tanium Client is updated on the page. Tip: You can navigate away from the page during the deployment process and review the results later. b. Review the results of the deployment. To view the status of a client deployment later, click Client Deployment > Deployment Status. The deployment status shows how many of the deployments succeeded, and the errors that occurred with the failed deployments. To view the error logs for an interface, select the interface and 2018 Tanium Inc. All Rights Reserved Page 34

35 click View Logs. c. Try the deployment process again on the failed deployments. From the Deployment Status page, select the interfaces and click Redeploy. Clicking this button creates a new deployment for the selected interfaces. From there, you can update the deployment settings and run the deployment process again. This new deployment displays as a child deployment on the Deployment Status page. Results After the next background process import runs, interfaces that have the Tanium Client and are reporting to the Tanium Server are listed on the Managed Interfaces page Tanium Inc. All Rights Reserved Page 35

36 Managing interfaces After you discover your interfaces, the managed interfaces have Tanium Client installed and are listed in the Interfaces pages with a red icon. Unmanaged interfaces are listed with a gray icon. Interfaces can be easier to manage if you apply labels to split them into logical groups. You might create labels based on the following attributes: Region Label interfaces to group them by physical location. Organization and team Label interfaces to identify the department that owns them. Device type Label interfaces to classify them into management groups. For example, you can label laptop computers as mobile devices. Devices excluded from management Label devices that are not managed by Tanium. For example: printers, IP phones, and networking devices such as routers and switches. Customize lists of interfaces On the Interfaces pages, you can view your interfaces in many different ways (managed interfaces, unmanaged interfaces, labeled interfaces, and so on). You can customize and filter these views, then export the results to a.csv file. To customize an Interfaces page, click the menu on a column. From there, you can sort the results on that column, add columns to the data grid, and filter the results. To export the current data grid of interfaces to a.csv file, click export data. Label interfaces manually You can define multiple labels for a single interface. Label information is stored with your inventory in Discover and is preserved from one scan to the next Tanium Inc. All Rights Reserved Page 36

37 Create labels You can label interfaces in several of the views. Select the interfaces that you want to label and then click the Label button. From there, you can create a label or apply an existing label to the selected interfaces. To create a label from the Labels page, click Create. Manage labels After you define labels and assign them to your interfaces, you might want to change or remove labels. You can manage your labels in the Labels view. View all labels on the Labels page. Click a label to view the label details. If you delete a label, the label is removed from all the related interfaces Tanium Inc. All Rights Reserved Page 37

38 Ignore interfaces Ignoring an interface removes it from the list of interfaces and adds it to the list on the Ignored Interfaces page. An interface that is ignored is not included in views or counts other than the Ignored Interfaces page. To ignore interfaces, select interfaces and click the Ignore button, or create an automatic label to ignore interfaces. If you want to start tracking an interface again, you can update the interface on the Ignored Interfaces page. Automatically label interfaces When you have many interfaces to label, you might want to consider setting up automatic labeling on your interfaces. Automatic labels are applied to interfaces each time the discover unmanaged interfaces operation runs. In addition to applying a label on interfaces, you can also set actions to ignore, purge, or send notifications on the interfaces that match the conditions of the label Tanium Inc. All Rights Reserved Page 38

39 1. Set up automatic labeling with one of the following methods: When you create the label, change the type to Automatic Label. To make an existing label automatic, open the label in the Labels view, then click Edit. Change the type to Automatic Label. 2. Add conditions on which to apply the label. The conditions include Computer ID, Device Type, Discovery Method, First Seen, Hostname, IP Address, Mac address, Model, NAT IP Address, Last Discovered, Last Managed, Last Seen, Model, Open Ports, OS Generation, OS Platform, Previous Computer ID, and Labels. Note: The Open Ports condition is valid only with Nmap discovery. This condition is associated with the most common 1000 ports that get scanned by Nmap. 3. Set an activity that runs when the conditions in the label are matched. Label: Apply a label to the interface. Ignore: Add the interface to the list of Ignored Interfaces. Notify: Send a notification about the interface. Purge: Remove interfaces that match the criteria from the Discover database Tanium Inc. All Rights Reserved Page 39

40 Labeling is applied to interfaces each time the results from the discovery methods are imported. After you make a label automatic, the color of the label in the Interface Labels view is displayed in a darker gray color. If the label is set to ignore, it displays as red. Example: Automatically ignore or purge interfaces based on last discovered date To handle situations with ephemeral devices that go quickly on and off of the network, you can set up an automatic label that either moves the interface to the Ignored Interfaces page, or removes the interface from Discover. For example, you might want to ignore any interfaces that have not been discovered in the last 60 days. To set up this label, select: Last Discovered, Older Than, 60 days as the conditions, and choose Ignore as the label activity. To remove an interface, choose Purge as the label activity. Purging an interface completely removes all historical information about that interface from Discover. If you want to maintain some historical information about the interface, consider using the Ignore label activity. Example: Automatically label interfaces by using a wildcard character You can use an underscore (_) character as a wild card in your automatic labels. For example, you might want to filter the labeling on your interfaces by MAC address. You might have the following MAC addresses: 02-0F-B5-61-AB F-B5-38-1F F-B5-98-5B F-B5-55-0C F-B5-32-FA-E1 You can set up an automatic label: Mac Address contains B5-3_- that matches the following interfaces: 02-0F-B5-38-1F F-B5-32-FA-E1 Block network access If you have Palo Alto Networks Dynamic Address Group, Discover can send a request to Palo Alto to block network access for the unmanaged interface Tanium Inc. All Rights Reserved Page 40

41 Discover uses Tanium Connect to configure a networking device to block and unblock access to the network by an unmanaged interface. Note: The following steps are shown using Connect 4, but the steps for configuring blocking and unblocking connections with previous versions of Connect are similar. Configure connections for blocking and unblocking To configure both blocking and unblocking, you must configure two separate connections. Repeat these steps to configure two different connections: a connection for blocking and a connection for unblocking. The Label value on both connections must be identical. 1. Select the connection destination. From the Discover home page, go to the How to Use Discover section. Click Configure Network Access. Click Create a connection to block an unmanaged interface. The Create Connection page opens in Connect. The blocking connection is pre-configured with default settings. 2. Name the connection. In General Information section, confirm that Enable is selected. 3. Configure the source and destination. a. In the Source section, the Event source is selected by default. b. In the Event Group field, the Discover Blocking option is selected by default. To configure blocking, select Discover Blocking. To configure unblocking, select Discover Unblocking Tanium Inc. All Rights Reserved Page 41

42 c. In the Destination section, accept the default destination of Dynamic Address Group. d. In the Select operation field: To configure blocking, select Add. To configure unblocking, select Remove. e. Configure the Host, User Name, and Password for your firewall device. f. For the Label field, enter a text string to label the IP address of the interface to be blocked or unblocked. The Palo Alto Network firewall defines a Dynamic Address Group (DAG) based on this label. A blocking policy is applied to the DAG. You must use the exact same Label value for the blocking and unblocking connections. 4. (Optional) Filter the data. You can optionally filter for new items, regular expressions, numeric operators, or unique values from data columns. For more information, see Tanium Connect User Guide: Filtering options. Example: Block and unblock connections When the configuration is complete, you have two connections for blocking and unblocking interfaces. Both connections have similar settings for the server configuration and labels Tanium Inc. All Rights Reserved Page 42

Tanium Discover User Guide. Version 2.x.x

Tanium Discover User Guide. Version 2.x.x Tanium Discover User Guide Version 2.x.x June 27, 2017 The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and is

More information

Tanium Network Quarantine User Guide

Tanium Network Quarantine User Guide Tanium Network Quarantine User Guide Version 1.0.2 August 14, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided as

More information

Tanium Map User Guide. Version 1.0.0

Tanium Map User Guide. Version 1.0.0 Tanium Map User Guide Version 1.0.0 September 06, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and is

More information

Tanium IaaS Cloud Solution Deployment Guide for Microsoft Azure

Tanium IaaS Cloud Solution Deployment Guide for Microsoft Azure Tanium IaaS Cloud Solution Deployment Guide for Microsoft Azure Version: All December 21, 2018 The information in this document is subject to change without notice. Further, the information provided in

More information

Tanium Asset User Guide. Version 1.1.0

Tanium Asset User Guide. Version 1.1.0 Tanium Asset User Guide Version 1.1.0 March 07, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and is believed

More information

Tanium Integrity Monitor User Guide

Tanium Integrity Monitor User Guide Tanium Integrity Monitor User Guide Version 1.2.4 February 20, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided

More information

Tanium Connect User Guide. Version 4.8.3

Tanium Connect User Guide. Version 4.8.3 Tanium Connect User Guide Version 4.8.3 September 11, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and

More information

Tanium Comply User Guide. Version 1.7.3

Tanium Comply User Guide. Version 1.7.3 Tanium Comply User Guide Version 1.7.3 August 21, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and is

More information

Tanium Asset User Guide. Version 1.3.1

Tanium Asset User Guide. Version 1.3.1 Tanium Asset User Guide Version 1.3.1 June 12, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and is believed

More information

Tanium Patch User Guide. Version 2.1.5

Tanium Patch User Guide. Version 2.1.5 Tanium Patch User Guide Version 2.1.5 May 21, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and is believed

More information

Tanium Patch User Guide. Version 2.3.0

Tanium Patch User Guide. Version 2.3.0 Tanium Patch User Guide Version 2.3.0 September 18, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and is

More information

Tanium Protect User Guide. Version 1.9.3

Tanium Protect User Guide. Version 1.9.3 Tanium Protect User Guide Version 1.9.3 January 08, 2019 The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and is

More information

Tanium Incident Response User Guide

Tanium Incident Response User Guide Tanium Incident Response User Guide Version 4.4.3 September 06, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided

More information

Tanium Interact User Guide. Version 1.1.0

Tanium Interact User Guide. Version 1.1.0 Tanium Interact User Guide Version 1.1.0 November 08, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and

More information

Tanium Interact User Guide. Version 2.0.0

Tanium Interact User Guide. Version 2.0.0 Tanium Interact User Guide Version 2.0.0 June 29, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and is

More information

Cisco Terminal Services (TS) Agent Guide, Version 1.1

Cisco Terminal Services (TS) Agent Guide, Version 1.1 First Published: 2017-05-03 Last Modified: 2017-12-19 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)

More information

Managing Device Software Images

Managing Device Software Images Managing Device Software Images Cisco DNA Center 1.1.2 Job Aid Copyright Page THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,

More information

1.0. Quest Enterprise Reporter Discovery Manager USER GUIDE

1.0. Quest Enterprise Reporter Discovery Manager USER GUIDE 1.0 Quest Enterprise Reporter Discovery Manager USER GUIDE 2012 Quest Software. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide

More information

Tanium Protect User Guide. Version 1.0.7

Tanium Protect User Guide. Version 1.0.7 Tanium Protect User Guide Version 1.0.7 February 16, 2017 The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and

More information

Cisco Terminal Services (TS) Agent Guide, Version 1.1

Cisco Terminal Services (TS) Agent Guide, Version 1.1 First Published: 2017-05-03 Last Modified: 2017-10-13 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)

More information

MobiControl v13: Package Rules to Profiles Migration Guide. January 2016

MobiControl v13: Package Rules to Profiles Migration Guide. January 2016 MobiControl v13: Package Rules to Profiles Migration Guide January 2016 Copyright 2016 SOTI Inc. All rights reserved. This documentation and the software described in this document are furnished under

More information

Authentication Services ActiveRoles Integration Pack 2.1.x. Administration Guide

Authentication Services ActiveRoles Integration Pack 2.1.x. Administration Guide Authentication Services ActiveRoles Integration Pack 2.1.x Administration Guide Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright.

More information

Cisco Terminal Services (TS) Agent Guide, Version 1.0

Cisco Terminal Services (TS) Agent Guide, Version 1.0 First Published: 2016-08-29 Last Modified: 2018-01-30 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)

More information

Quest Enterprise Reporter 2.0 Report Manager USER GUIDE

Quest Enterprise Reporter 2.0 Report Manager USER GUIDE Quest Enterprise Reporter 2.0 Report Manager USER GUIDE 2014 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this

More information

SonicWall Secure Mobile Access SMA 500v Virtual Appliance 8.6. Getting Started Guide

SonicWall Secure Mobile Access SMA 500v Virtual Appliance 8.6. Getting Started Guide SonicWall Secure Mobile Access SMA 500v Virtual Appliance 8.6 Getting Started Guide Copyright 2017 SonicWall Inc. All rights reserved. SonicWall is a trademark or registered trademark of SonicWall Inc.

More information

KACE GO Mobile App 3.1. Release Notes

KACE GO Mobile App 3.1. Release Notes KACE GO Mobile App 3.1 Release Notes Table of Contents Quest KACE GO 3.1 Mobile App Release Notes...3 About the KACE GO Mobile App... 3 Capabilities for KACE Systems Management Appliance (K1000) administrators...

More information

Deploying Devices. Cisco Prime Infrastructure 3.1. Job Aid

Deploying Devices. Cisco Prime Infrastructure 3.1. Job Aid Deploying Devices Cisco Prime Infrastructure 3.1 Job Aid Copyright Page THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION,

More information

SonicWall Directory Connector with SSO 4.1.6

SonicWall Directory Connector with SSO 4.1.6 SonicWall Directory Connector with SSO 4.1.6 November 2017 These release notes provide information about the SonicWall Directory Connector with SSO 4.1.6 release. Topics: About Directory Connector 4.1.6

More information

Tanium Protect User Guide. Version 1.2.0

Tanium Protect User Guide. Version 1.2.0 Tanium Protect User Guide Version 1.2.0 September 20, 2017 The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and

More information

ForeScout Extended Module for Carbon Black

ForeScout Extended Module for Carbon Black ForeScout Extended Module for Carbon Black Version 1.0 Table of Contents About the Carbon Black Integration... 4 Advanced Threat Detection with the IOC Scanner Plugin... 4 Use Cases... 5 Carbon Black Agent

More information

Silver Peak EC-V and Microsoft Azure Deployment Guide

Silver Peak EC-V and Microsoft Azure Deployment Guide Silver Peak EC-V and Microsoft Azure Deployment Guide How to deploy an EC-V in Microsoft Azure 201422-001 Rev. A September 2018 2 Table of Contents Table of Contents 3 Copyright and Trademarks 5 Support

More information

The Privileged Appliance and Modules (TPAM) 1.0. Diagnostics and Troubleshooting Guide

The Privileged Appliance and Modules (TPAM) 1.0. Diagnostics and Troubleshooting Guide The Privileged Appliance and Modules (TPAM) 1.0 Guide Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in

More information

KACE GO Mobile App 5.0. Release Notes

KACE GO Mobile App 5.0. Release Notes KACE GO Mobile App 5.0 Release Notes Table of Contents Quest KACE GO 5.0 Mobile App Release Notes...3 About the KACE GO Mobile App... 3 Capabilities for KACE Systems Management Appliance administrators...

More information

SonicWall SonicOS 5.9

SonicWall SonicOS 5.9 SonicWall SonicOS 5.9 April 2017 This provides instructions for upgrading your SonicWall network security appliance to SonicOS 5.9 from a previous release. NOTE: On SonicWall TZ series and some smaller

More information

Forescout. Configuration Guide. Version 2.4

Forescout. Configuration Guide. Version 2.4 Forescout Version 2.4 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191

More information

Cisco TEO Adapter Guide for Microsoft Windows

Cisco TEO Adapter Guide for Microsoft Windows Cisco TEO Adapter Guide for Microsoft Windows Release 2.3 April 2012 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800

More information

July SonicWall SonicOS 6.2 Upgrade Guide

July SonicWall SonicOS 6.2 Upgrade Guide SonicWall SonicOS 6.2 July 2017 This provides instructions for upgrading your SonicWall network security appliance from SonicOS 6.1 firmware or a previous version of SonicOS 6.2 to the latest version of

More information

SonicWall Secure Mobile Access

SonicWall Secure Mobile Access SonicWall Secure Mobile Access 8.5.0.10 November 2017 These release notes provide information about the SonicWall Secure Mobile Access (SMA) 8.5.0.10 release. Topics: About Secure Mobile Access 8.5.0.10

More information

NNMi Integration User Guide for CiscoWorks Network Compliance Manager 1.6

NNMi Integration User Guide for CiscoWorks Network Compliance Manager 1.6 NNMi Integration User Guide for CiscoWorks Network Compliance Manager 1.6 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000

More information

KACE GO Mobile App 4.0. Release Notes

KACE GO Mobile App 4.0. Release Notes KACE GO Mobile App 4.0 Release Notes Table of Contents Quest KACE GO 4.0 Mobile App Release Notes...3 About the KACE GO Mobile App... 3 Capabilities for KACE Systems Management Appliance administrators...

More information

Tanium Core Platform User Guide

Tanium Core Platform User Guide Tanium Core Platform User Guide Version 7.0.314.XXXX November 08, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided

More information

Cisco Meeting Management

Cisco Meeting Management Cisco Meeting Management Cisco Meeting Management 1.1 User Guide for Administrators September 19, 2018 Cisco Systems, Inc. www.cisco.com Contents 1 Introduction 4 1.1 The software 4 2 Deployment overview

More information

Altiris Software Management Solution 7.1 from Symantec User Guide

Altiris Software Management Solution 7.1 from Symantec User Guide Altiris Software Management Solution 7.1 from Symantec User Guide Altiris Software Management Solution 7.1 from Symantec User Guide The software described in this book is furnished under a license agreement

More information

One Identity Management Console for Unix 2.5.1

One Identity Management Console for Unix 2.5.1 One Identity Management Console for Unix 2.5.1 October 2017 These release notes provide information about the One Identity Management Console for Unix release. NOTE: This version of the One Identity Management

More information

Authenticating Cisco VCS accounts using LDAP

Authenticating Cisco VCS accounts using LDAP Authenticating Cisco VCS accounts using LDAP Cisco TelePresence Deployment Guide Cisco VCS X6 D14526.04 February 2011 Contents Contents Document revision history... 3 Introduction... 4 Usage... 4 Cisco

More information

MobiControl v12: Migration to Profiles Guide. December 2014

MobiControl v12: Migration to Profiles Guide. December 2014 MobiControl v12: Migration to Profiles Guide December 2014 Copyright 2014 SOTI Inc. All rights reserved. This documentation and the software described in this document are furnished under and are subject

More information

ForeScout Extended Module for Tenable Vulnerability Management

ForeScout Extended Module for Tenable Vulnerability Management ForeScout Extended Module for Tenable Vulnerability Management Version 2.7.1 Table of Contents About Tenable Vulnerability Management Module... 4 Compatible Tenable Vulnerability Products... 4 About Support

More information

Dell SonicWALL SonicOS 5.9 Upgrade Guide

Dell SonicWALL SonicOS 5.9 Upgrade Guide Dell SonicWALL Upgrade Guide April, 2015 This provides instructions for upgrading your Dell SonicWALL network security appliance to from a previous release. This guide also provides information about importing

More information

User Guide. Version R95. English

User Guide. Version R95. English Discovery User Guide Version R95 English September 18, 2017 Copyright Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS

More information

Dell Change Auditor 6.5. Event Reference Guide

Dell Change Auditor 6.5. Event Reference Guide Dell Change Auditor 6.5 2014 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license

More information

Cisco Prime Network Registrar IPAM 8.3 Quick Start Guide

Cisco Prime Network Registrar IPAM 8.3 Quick Start Guide Cisco Prime Network Registrar IPAM 8.3 Quick Start Guide Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS

More information

Cisco TEO Adapter Guide for

Cisco TEO Adapter Guide for Release 2.3 April 2012 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part

More information

Cisco CSPC 2.7.x. Quick Start Guide. Feb CSPC Quick Start Guide

Cisco CSPC 2.7.x. Quick Start Guide. Feb CSPC Quick Start Guide CSPC Quick Start Guide Cisco CSPC 2.7.x Quick Start Guide Feb 2018 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 17 Contents Table of Contents 1. INTRODUCTION

More information

Tanium Trace User Guide. Version 2.2.0

Tanium Trace User Guide. Version 2.2.0 Tanium Trace User Guide Version 2.2.0 November 07, 2017 The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and is

More information

Host Identity Sources

Host Identity Sources The following topics provide information on host identity sources: Overview: Host Data Collection, on page 1 Determining Which Host Operating Systems the System Can Detect, on page 2 Identifying Host Operating

More information

Rapid Recovery License Portal Version User Guide

Rapid Recovery License Portal Version User Guide Rapid Recovery License Portal Version 6.1.0 User Guide 2017 Quest Software Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide

More information

Cisco TEO Adapter Guide for Microsoft System Center Operations Manager 2007

Cisco TEO Adapter Guide for Microsoft System Center Operations Manager 2007 Cisco TEO Adapter Guide for Microsoft System Center Operations Manager 2007 Release 2.3 April 2012 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com

More information

SonicWall Secure Mobile Access

SonicWall Secure Mobile Access SonicWall Secure Mobile Access 8.6.0.2 June 2017 These release notes provide information about the SonicWall Secure Mobile Access (SMA) 8.6.0.2 release. Topics: About Secure Mobile Access 8.6.0.2 Supported

More information

Wireless Clients and Users Monitoring Overview

Wireless Clients and Users Monitoring Overview Wireless Clients and Users Monitoring Overview Cisco Prime Infrastructure 3.1 Job Aid Copyright Page THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT

More information

Security Explorer 9.1. User Guide

Security Explorer 9.1. User Guide Security Explorer 9.1 User Guide Security Explorer 9.1 User Guide Explorer 8 Installation Guide ii 2013 by Quest Software All rights reserved. This guide contains proprietary information protected by copyright.

More information

Tanium Appliance Installation Guide

Tanium Appliance Installation Guide Tanium Appliance Installation Guide Version 1.0.0 September 25, 2017 The information in this document is subject to change without notice. Further, the information provided in this document is provided

More information

ForeScout Extended Module for MaaS360

ForeScout Extended Module for MaaS360 Version 1.8 Table of Contents About MaaS360 Integration... 4 Additional ForeScout MDM Documentation... 4 About this Module... 4 How it Works... 5 Continuous Query Refresh... 5 Offsite Device Management...

More information

Cisco FindIT Plugin for Kaseya Quick Start Guide

Cisco FindIT Plugin for Kaseya Quick Start Guide First Published: 2017-10-23 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE

More information

Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.2

Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.2 Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.2 This document supports the version of each product listed and supports all subsequent versions until the document

More information

Cisco Expressway Authenticating Accounts Using LDAP

Cisco Expressway Authenticating Accounts Using LDAP Cisco Expressway Authenticating Accounts Using LDAP Deployment Guide Cisco Expressway X8.5 December 2014 Contents Introduction 3 Process summary 3 LDAP accessible authentication server configuration 4

More information

CounterACT VMware vsphere Plugin

CounterACT VMware vsphere Plugin CounterACT VMware vsphere Plugin Configuration Guide Version 2.0.0 Table of Contents About VMware vsphere Integration... 4 Use Cases... 4 Additional VMware Documentation... 4 About this Plugin... 5 What

More information

User Guide. Version R9. English

User Guide. Version R9. English Discovery User Guide Version R9 English March 5, 2015 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated from

More information

CounterACT DHCP Classifier Plugin

CounterACT DHCP Classifier Plugin CounterACT DHCP Classifier Plugin Version 2.0.7 and Above Table of Contents About the CounterACT DHCP Classifier Plugin... 3 What to Do... 3 Requirements... 4 Install the Plugin... 4 Concepts, Components,

More information

One Identity Active Roles 7.2

One Identity Active Roles 7.2 One Identity December 2017 This document provides information about the Active Roles Add_on Manager7.2. About Active Roles Add_on Manager New features Known issues System requirements Getting started with

More information

Tanium Interact User Guide. Version 1.0.0

Tanium Interact User Guide. Version 1.0.0 Tanium Interact User Guide Version 1.0.0 May 07, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and is believed

More information

Quest Collaboration Services 3.6. Installation Guide

Quest Collaboration Services 3.6. Installation Guide Quest Collaboration Services 3.6 Installation Guide 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide

More information

Validating Service Provisioning

Validating Service Provisioning Validating Service Provisioning Cisco EPN Manager 2.1 Job Aid Copyright Page THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,

More information

Provisioning an OCH Network Connection

Provisioning an OCH Network Connection Provisioning an OCH Network Connection Cisco EPN Manager 2.0 Job Aid Copyright Page THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,

More information

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.1

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.1 ForeScout CounterACT Hybrid Cloud Module: VMware vsphere Plugin Version 2.1 Table of Contents About VMware vsphere Integration... 4 Use Cases... 4 Additional VMware Documentation... 4 About this Plugin...

More information

One Identity Active Roles 7.2. Configuration Transfer Wizard Administrator Guide

One Identity Active Roles 7.2. Configuration Transfer Wizard Administrator Guide One Identity Active Roles 7.2 Configuration Transfer Wizard Administrator Guide Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright.

More information

WhatsConfigured v3.1 User Guide

WhatsConfigured v3.1 User Guide WhatsConfigured v3.1 User Guide Contents Table of Contents Welcome to WhatsConfigured v3.1 Finding more information and updates... 1 Sending feedback... 2 Deploying WhatsConfigured STEP 1: Prepare the

More information

Deploying IWAN Routers

Deploying IWAN Routers Deploying IWAN Routers Cisco Prime Infrastructure 3.1 Job Aid Copyright Page THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,

More information

Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP

Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP Deployment Guide Cisco VCS X8.2 D14465.07 June 2014 Contents Introduction 3 Process summary 3 LDAP accessible authentication server configuration

More information

ForeScout Extended Module for Qualys VM

ForeScout Extended Module for Qualys VM ForeScout Extended Module for Qualys VM Version 1.2.1 Table of Contents About the Qualys VM Integration... 3 Additional Qualys VM Documentation... 3 About This Module... 3 Components... 4 Considerations...

More information

CounterACT VMware vsphere Plugin

CounterACT VMware vsphere Plugin Configuration Guide Version 2.0.1 Table of Contents About VMware vsphere Integration... 4 Use Cases... 4 Additional VMware Documentation... 4 About this Plugin... 5 What to Do... 5 Requirements... 5 CounterACT

More information

ZENworks Service Desk 8.0 Using ZENworks with ZENworks Service Desk. November 2018

ZENworks Service Desk 8.0 Using ZENworks with ZENworks Service Desk. November 2018 ZENworks Service Desk 8.0 Using ZENworks with ZENworks Service Desk November 2018 Legal Notices For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions,

More information

One Identity Starling Two-Factor AD FS Adapter 6.0. Administrator Guide

One Identity Starling Two-Factor AD FS Adapter 6.0. Administrator Guide One Identity Adapter 6.0 Administrator Guide Copyright 2017 Quest Software Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide

More information

Aprimo Marketing Studio Configuration Mover Guide

Aprimo Marketing Studio Configuration Mover Guide Aprimo Marketing Studio 9.0.1 Configuration Mover Guide The product or products described in this book are licensed products of Teradata Corporation or its affiliates. Aprimo and Teradata are registered

More information

ForeScout Extended Module for Advanced Compliance

ForeScout Extended Module for Advanced Compliance ForeScout Extended Module for Advanced Compliance Version 1.2 Table of Contents About Advanced Compliance Integration... 4 Use Cases... 4 Additional Documentation... 6 About This Module... 6 About Support

More information

HYCU SCOM Management Pack for F5 BIG-IP

HYCU SCOM Management Pack for F5 BIG-IP USER GUIDE HYCU SCOM Management Pack for F5 BIG-IP Product version: 5.5 Product release date: August 2018 Document edition: First Legal notices Copyright notice 2015-2018 HYCU. All rights reserved. This

More information

One Identity Manager 8.0. Administration Guide for Connecting Unix-Based Target Systems

One Identity Manager 8.0. Administration Guide for Connecting Unix-Based Target Systems One Identity Manager 8.0 Administration Guide for Connecting Unix- Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software

More information

Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0 Cloud Access Manager 8.1.3 How to Configure for SSO to SAP Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described

More information

Domain Setup Guide. NetBrain Integrated Edition 7.1. All-in-One Appliance

Domain Setup Guide. NetBrain Integrated Edition 7.1. All-in-One Appliance NetBrain Integrated Edition 7.1 Domain Setup Guide All-in-One Appliance Version 7.1a Last Updated 2018-09-27 Copyright 2004-2018 NetBrain Technologies, Inc. All rights reserved. Contents 1. Setting Up

More information

One Identity Active Roles 7.2. Azure AD and Office 365 Management Administrator Guide

One Identity Active Roles 7.2. Azure AD and Office 365 Management Administrator Guide One Identity Active Roles 7.2 Azure AD and Office 365 Management Administrator Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright.

More information

Installation Guide. EventTracker Enterprise. Install Guide Centre Park Drive Publication Date: Aug 03, U.S. Toll Free:

Installation Guide. EventTracker Enterprise. Install Guide Centre Park Drive Publication Date: Aug 03, U.S. Toll Free: EventTracker Enterprise Install Guide 8815 Centre Park Drive Publication Date: Aug 03, 2010 Columbia MD 21045 U.S. Toll Free: 877.333.1433 Abstract The purpose of this document is to help users install

More information

IBM. Migration Cookbook. Migrating from License Metric Tool and Tivoli Asset Discovery for Distributed 7.5 to License Metric Tool 9.

IBM. Migration Cookbook. Migrating from License Metric Tool and Tivoli Asset Discovery for Distributed 7.5 to License Metric Tool 9. IBM License Metric Tool 9.x Migration Cookbook Migrating from License Metric Tool and Tivoli Asset Discovery for Distributed 7.5 to License Metric Tool 9.x IBM IBM License Metric Tool 9.x Migration Cookbook

More information

Cisco UCS C-Series IMC Emulator Quick Start Guide. Cisco IMC Emulator 2 Overview 2 Setting up Cisco IMC Emulator 3 Using Cisco IMC Emulator 9

Cisco UCS C-Series IMC Emulator Quick Start Guide. Cisco IMC Emulator 2 Overview 2 Setting up Cisco IMC Emulator 3 Using Cisco IMC Emulator 9 Cisco UCS C-Series IMC Emulator Quick Start Guide Cisco IMC Emulator 2 Overview 2 Setting up Cisco IMC Emulator 3 Using Cisco IMC Emulator 9 Revised: October 6, 2017, Cisco IMC Emulator Overview About

More information

Forescout. eyeextend for Palo Alto Networks Wildfire. Configuration Guide. Version 2.2

Forescout. eyeextend for Palo Alto Networks Wildfire. Configuration Guide. Version 2.2 Forescout Version 2.2 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191

More information

Cisco TelePresence Management Suite Extension for Microsoft Exchange 5.2

Cisco TelePresence Management Suite Extension for Microsoft Exchange 5.2 Cisco TelePresence Management Suite Extension for Microsoft Exchange 5.2 Software Release Notes First Published: April 2016 Software Version 5.2 Cisco Systems, Inc. 1 www.cisco.com 2 Preface Change History

More information

LiteSpeed for SQL Server 6.1. Configure Log Shipping

LiteSpeed for SQL Server 6.1. Configure Log Shipping LiteSpeed for SQL Server 6.1 Configure Log Shipping 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide

More information

SonicWall Content Filtering Client for Windows and Mac OS

SonicWall Content Filtering Client for Windows and Mac OS SonicWall Content Filtering Client 3.1.60 for Windows and Mac OS January 2018 These release notes provide information about SonicWall Content Filtering Client 3.1.60 release for Windows and Mac OS. Topics:

More information

Recovery Guide for Cisco Digital Media Suite 5.4 Appliances

Recovery Guide for Cisco Digital Media Suite 5.4 Appliances Recovery Guide for Cisco Digital Media Suite 5.4 Appliances September 17, 2012 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408

More information

Polycom RealPresence Resource Manager System

Polycom RealPresence Resource Manager System Upgrade Guide 8.2.0 July 2014 3725-72106-001E Polycom RealPresence Resource Manager System Copyright 2014, Polycom, Inc. All rights reserved. No part of this document may be reproduced, translated into

More information

One Identity Starling Two-Factor Desktop Login 1.0. Administration Guide

One Identity Starling Two-Factor Desktop Login 1.0. Administration Guide One Identity Starling Two-Factor Desktop Login 1.0 Administration Guide Copyright 2018 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software

More information